[openssl-users] Trying to understand DTLS (as it applies to webrtc)

Matt Caswell matt at openssl.org
Fri May 1 22:40:13 UTC 2015

On 01/05/15 02:11, faraz khan wrote:
> Hi everyone,
> This is my first time posting to this list - so if theres a better place
> for this question please let me know.
> The problem I'm trying to fix applies to the Janus webrtc gateway
> (https://github.com/meetecho/janus-gateway) and my application which is
> using native C++ webrtc.
> What happens is that after hundreds of successful connections, sometimes
> the Janus server is unable to negotiate a DTLS handshake and after a key
> exchange the webrtc client replied with a DTLS Alert: Decrypt failed
> message. I'm attaching a wireshark trace of the issue happening and one
> for the correct negotiation.

Can you confirm that the trace you attached for the correct negotiation
also came from Janus? I spotted some odd things about the extensions in
the ClientHello:

It has the "extended master secret" extension. That extension is not
supported by any released version of OpenSSL (we have it in the dev
version of 1.1.0 - but that is unreleased).

It correctly adds the ec_point_formats and elliptic_curves extensions.
However it so happens that OpenSSL 1.0.1f has a bug in it (not in the
latest version) which suppresses those extensions for DTLS (this is a
significant enough bug in itself that it is worthwhile upgrading your

OpenSSL always adds extensions in the same order - and these extensions
are in a different order.

Due to the above it looks to me like the OpenSSL DTLS stack was not used
to generate that ClientHello. The failed one *does* look like an OpenSSL
generated ClientHello.


More information about the openssl-users mailing list